Microsoft Exchange Server Hack: How to Protect Your Organisation
Security experts are in crisis mode again as another significant vulnerability has appeared on the cyber threat landscape. No sooner had the dust seemingly settled on the recent SolarWinds hack than news came of a new vulnerability, this time affecting Microsoft Exchange Server, which has the potential to cause serious damage to organisations throughout the world.
In this blog we’ll explore the new Microsoft Exchange Server hack: what is it, who is exploiting it, what you should do to protect your organisation, how you can be sure you haven’t been compromised already, and what the risk is to your supply chain.
Let’s get started.
In early January 2021, Microsoft was made aware of four critical vulnerabilities in Exchange Server. They affect on-premises Exchange Server 2013, 2016 and 2019; Exchange Online is not affected.
The four vulnerabilities are described in Microsoft's security blog, from which the details in this post are taken.
The net result is that an attacker can chain these vulnerabilities to execute commands remotely on an Exchange Server. Microsoft released patches on 2nd March 2021, but by then attackers had already had a two-month window in which to exploit them, and that window is still open for any organisation that has yet to patch.
As we’ll learn in the following section, they have done exactly that.
The group you’ve probably heard about in relation to the Microsoft Exchange Server hack is Hafnium. Hafnium is a state-sponsored advanced persistent threat (APT) group from China, and Microsoft describes them as a “highly skilled and sophisticated actor”.
According to Microsoft, “Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States.”
More concerning to many organisations, however, is that the Microsoft Exchange Server hack is relatively straightforward to execute. The FBI and CISA have released an updated advisory stating that both nation states and cybercriminals are exploiting the vulnerabilities. That should concern every organisation, because the same access can be used to plant ransomware, conduct destructive attacks such as data wiping, or steal data to sell on criminal forums.
So, something that all organisations should take seriously. What should you do to minimise your exposure today?
If you have an on-premises version of Exchange Server 2013, 2016 or 2019, you need to patch it. Immediately. Patching closes the vulnerabilities and stops attackers exploiting them from now on. It does not, however, evict an attacker who has already used them: web shells or other persistence planted before the patch survive it, which is why you also need the compromise checks described later in this post.
There's a nuance here that's worth exploring, though, and that's the benefit of using software as a service (SaaS) applications rather than on-premises versions. As we stated earlier in this blog, Exchange Online wasn't affected by this vulnerability.
Even if it had been, an advantage of SaaS is that the vendor (in this case Microsoft) applies patches as soon as they are released. You don't have to patch manually, and the window during which your organisation is exposed is kept to a minimum.
If you choose to invest in Microsoft cloud services, you'll also be leveraging the company's $1 billion of annual investment in cyber security technology and best practice. Microsoft gathers hundreds of gigabytes of telemetry every second, and that intelligence is brought to bear in protecting its Microsoft 365 and Azure offerings.
Something to consider. Back to that window, though: even if you patched on 2nd March, there were still two months during which you were vulnerable to the Microsoft Exchange Server hack. How can you establish whether you have already been compromised?
Our secure cloud experts have put together the following recommended steps to take to mitigate exposure and identify any indicators of compromise related to the Microsoft Exchange Server vulnerabilities. If you need support running through them, we can support you for a one-off fee – just email cyberclinic@6dg.co.uk.
Note: all scripts must be run as an administrator on each Exchange Server, whether or not the servers are clustered. Checking one node is not enough.
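The PowerShell script below is an added example, not one of the Six Degrees scripts referred to above. It shows the shape of a first-pass check on a single Exchange Server: confirm the installed build, then hunt for the indicators Microsoft published for these vulnerabilities in the HttpProxy logs, the Unified Messaging errors in the Application event log, and the web-reachable directories into which web shells were dropped. The log location, CSV column names, indicator strings and directories are assumptions drawn from Microsoft's published hunting guidance, and the build number you pass in is yours to look up; check both against the current version of that guidance before relying on the output.

```powershell
#Requires -RunAsAdministrator
<#
  Added example (not Six Degrees' own scripts): first-pass hunt for indicators
  that the Exchange Server vulnerabilities discussed above have been exploited.
  Run it on EVERY Exchange Server. Paths, log columns and indicator strings are
  assumptions drawn from Microsoft's published hunting guidance.
#>
param(
    # Exchange setup sets this environment variable on every Exchange Server.
    [string]$ExchangePath = $env:ExchangeInstallPath,
    # Exploitation predates the patch by roughly two months, so look back further than that.
    [datetime]$Since = (Get-Date).AddDays(-120),
    # Optional: build number of the security update for your cumulative update,
    # taken from Microsoft's Exchange build table. Omitted here deliberately.
    [version]$PatchedBuild,
    [string]$ReportPath = "$env:TEMP\exchange-ioc-$env:COMPUTERNAME.csv"
)

if (-not $ExchangePath) { throw 'ExchangeInstallPath is not set; run this on an Exchange Server.' }

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Indicator, [string]$Source, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Indicator = $Indicator; Source = $Source; Detail = $Detail })
}

# 0. Patch status. ExSetup.exe carries the exact build (Get-ExchangeServer rounds it).
$build = [version](Get-Command (Join-Path $ExchangePath 'bin\ExSetup.exe')).FileVersionInfo.ProductVersion
Write-Host "Exchange build on $env:COMPUTERNAME : $build"
if ($PatchedBuild -and $build -lt $PatchedBuild) {
    Add-Finding 'Unpatched build' 'ExSetup.exe' "Build $build is older than patched build $PatchedBuild"
}

# 1. HttpProxy logs. The server-side request forgery leaves requests whose AnchorMailbox
#    column begins with 'ServerInfo~', a value no legitimate client ever sends.
$httpProxyDir = Join-Path $ExchangePath 'Logging\HttpProxy'
Get-ChildItem -Path $httpProxyDir -Filter '*.log' -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $Since } |
    ForEach-Object {
        $file = $_.FullName
        # Import-Csv ignores the '#'-prefixed comment lines these logs start with.
        Import-Csv -Path $file -ErrorAction SilentlyContinue |
            Where-Object { $_.AnchorMailbox -like 'ServerInfo~*/*' } |
            ForEach-Object {
                Add-Finding 'HttpProxy SSRF' $file "$($_.DateTime) $($_.ClientIpAddress) $($_.UrlStem) AnchorMailbox=$($_.AnchorMailbox)"
            }
    }

# 2. Unified Messaging. Exploitation of the UM service is logged as errors from the
#    'MSExchange Unified Messaging' source that mention System.InvalidCastException.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'MSExchange Unified Messaging'; Level = 2; StartTime = $Since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*System.InvalidCastException*' } |
    ForEach-Object { Add-Finding 'UM InvalidCastException' 'Application event log' "$($_.TimeCreated) EventId=$($_.Id)" }

# 3. Web shells. Attackers dropped .aspx files into web-reachable directories.
#    aspnet_client normally contains no .aspx at all; owa\auth ships legitimate ones,
#    so only recently written files are flagged and every hit needs manual review.
$shellDirs = @(
    (Join-Path $env:SystemDrive 'inetpub\wwwroot\aspnet_client'),
    (Join-Path $ExchangePath 'FrontEnd\HttpProxy\owa\auth')
)
foreach ($dir in $shellDirs) {
    Get-ChildItem -Path $dir -Filter '*.aspx' -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $Since } |
        ForEach-Object { Add-Finding 'Possible web shell' $_.FullName "Modified $($_.LastWriteTime), $($_.Length) bytes" }
}

# 4. Report. An empty report is not proof of a clean server: logs roll over and
#    attackers tidy up, so preserve the raw logs and event logs before you patch.
if ($findings.Count -eq 0) {
    Write-Host 'No indicators found in the checked locations.'
} else {
    $findings | Export-Csv -Path $ReportPath -NoTypeInformation
    $findings | Format-Table -AutoSize
    Write-Warning "$($findings.Count) indicator(s) written to $ReportPath; treat this server as suspect and escalate."
}
```

Run it from an elevated PowerShell session on each server (the `#Requires` line refuses to run otherwise); pass `-PatchedBuild` with the build number of the security update for your cumulative update to get an unpatched-build warning as well. A clean result is not a guarantee: HttpProxy log retention is limited, so a server compromised early in the window may already have rotated the evidence away, which is exactly why an expert review of the whole environment is worth the effort.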
Again, cyberclinic@6dg.co.uk is the address to email if you need support in running through these steps. Once completed, you will have identified potential compromises within your environment. But what about your suppliers: should you be concerned if they're running Exchange Server 2013, 2016 or 2019?
Short answer, yes. The slightly longer answer though is that your organisation has never been more reliant on supply chains to deliver products and services to your end users. Whether it’s sourcing parts from suppliers, outsourcing functions like finance or marketing, or working with logistics firms to transport your products around the world, your supply chain is critical to your operational integrity.
Hackers know this, and will actively target organisations in your supply chain in order to disrupt your operations and gain a foothold in your environment. And even if they don't target you through your supply chain, any disruption to your suppliers resulting from a cyber-attack can cause significant collateral damage to you.
Here are four straightforward steps you should take to understand and mitigate your supply chain risk:
You may well work with suppliers that integrate with and have access to your network. Pay special attention to these suppliers, as any compromise they suffer can project directly into your network and act as a launchpad for ransomware and business email compromise (BEC) attacks.
A BEC attack is, broadly speaking, a type of phishing email. What makes it so dangerous is its targeting and sophistication: the message is often sent from a supplier's genuine but compromised mailbox, or from a convincing look-alike address. BECs are most commonly aimed at the individuals who handle money within an organisation, and through carefully thought-out pretexts their aim is to trick that individual into transferring money to an account the attacker controls, frequently an offshore one.
BEC attacks require diligence to address, as they use social engineering rather than malware to convince victims to part with their money. Part of your supply chain considerations should therefore include diligence around suppliers you make payments to, with processes that double- and triple-check that every payment is legitimate. In particular, confirm any change of bank details out of band, by phoning the supplier on a number you already hold rather than one given in the email requesting the change.
By establishing your supply chain risk, you can further minimise your exposure to disruption as a result of the Microsoft Exchange Server hack.
The Microsoft Exchange Server hack is something that all organisations should take seriously – even those that don’t run the affected versions of Exchange Server. In this blog we’ve provided an overview of how to minimise the associated cyber risk your organisation faces.
At Six Degrees we have the expertise and the experience to deliver tailored solutions that will enhance your organisation’s cyber security posture. But before we start, we always want to understand your organisation and where you are on your own cyber security journey. That’s why we offer a cyber security assessment that will give us – and you – the knowledge and tools to roadmap the next steps of your journey. Schedule a call if you want to learn more.